1. Technical Field
The present invention generally relates to data loss prevention and in particular to techniques for performing data loss prevention.
2. Description of the Related Art
Data loss prevention (DLP) is a computer security term for systems that implement a centralized management framework to identify, monitor, and protect data in use, data in motion, and data at rest through deep content inspection (examining the payload itself for confidential content) and contextual security analysis of transactions (who is sending what, to whom, over which channel). In general, DLP systems are designed to detect and prevent the unauthorized use and transmission of confidential information. Many companies now fall under regulations that mandate controls over information. At least some of these regulations require organizations to undergo periodic information technology (IT) audits, which an organization fails if it has not implemented suitable IT security controls and standards. Loss of large volumes of information has become a regular headline event, forcing financial companies to re-issue credit and debit cards, notify customers, and mitigate the loss of goodwill from negative publicity.
Network DLP systems, also referred to as gateway-based DLP systems, are usually dedicated hardware/software platforms installed in-line at an organization's Internet connection. Network DLP systems analyze network traffic to search for unauthorized information transmissions, including the content of email, instant messaging (IM), file transfer protocol (FTP), hypertext transfer protocol (HTTP), and HTTP secure (HTTPS) transmissions. For HTTPS and other encrypted channels, the content is visible to the gateway only if the gateway terminates the encrypted session (for example, as an intercepting proxy whose certificate the organization's clients trust); otherwise the gateway can act only on metadata such as destination and volume. Advantageously, network DLP systems are relatively simple to install and have a relatively low cost of ownership. Network DLP systems can also discover data at rest (data stored throughout an organization) to identify areas of risk where confidential data is stored in inappropriate and/or unsecured locations.
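The content-inspection and contextual-analysis steps described above, written out as an added Python example (this is illustrative code, not part of the patent or of any product it describes). It scans each outbound transmission for payment card numbers, uses the Luhn check to discard digit runs that merely look like card numbers, then applies a context rule (internal versus external destination) to decide whether to allow or block, and reports a transmission it cannot inspect because the gateway never saw the plaintext. The domain names, field names and sample messages are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical internal domain for the context rule (assumption for this example).
INTERNAL_DOMAINS = {"corp.example"}

# 13 to 19 digits, optionally separated by single spaces or hyphens, not embedded
# in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


@dataclass
class Transmission:
    """One outbound message as a gateway would reconstruct it (constructed fields)."""
    protocol: str
    sender: str
    recipient: str
    content: Optional[str]  # None when the gateway could not see the plaintext


@dataclass
class Verdict:
    action: str                                   # "allow", "block" or "opaque"
    findings: List[str] = field(default_factory=list)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: true for well-formed payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Deep content inspection: return Luhn-valid card numbers found in text."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            pans.append(digits)
    return pans


def inspect(tx: Transmission) -> Verdict:
    """Contextual analysis: combine content findings with the destination."""
    if tx.content is None:
        # Encrypted channel the gateway did not terminate: nothing to inspect.
        return Verdict("opaque", ["payload not visible to gateway"])
    pans = find_pans(tx.content)
    if not pans:
        return Verdict("allow")
    findings = [f"PAN ending {p[-4:]} via {tx.protocol}" for p in pans]
    # Destination domain: part after '@' for mail, the host itself otherwise.
    dest = tx.recipient.rsplit("@", 1)[-1].lower()
    if dest in INTERNAL_DOMAINS or dest.endswith(tuple("." + d for d in INTERNAL_DOMAINS)):
        return Verdict("allow", findings)      # confidential data staying inside
    return Verdict("block", findings)          # confidential data leaving the organization


# Constructed sample traffic. 4111 1111 1111 1111 is the usual Luhn-valid test PAN;
# 1234 5678 9012 3456 is a 16-digit run that fails Luhn and must not be flagged.
SAMPLES = [
    Transmission("SMTP", "alice@corp.example", "bob@mail.example",
                 "Card: 4111 1111 1111 1111 exp 12/29"),
    Transmission("SMTP", "alice@corp.example", "payments@corp.example",
                 "Card: 4111-1111-1111-1111"),
    Transmission("HTTP", "alice@corp.example", "files.example",
                 "ticket id 1234 5678 9012 3456"),
    Transmission("HTTPS", "alice@corp.example", "files.example", None),
]


def run_samples() -> List[str]:
    """Return the verdict action for each sample, in order."""
    return [inspect(tx).action for tx in SAMPLES]


if __name__ == "__main__":
    for tx, action in zip(SAMPLES, run_samples()):
        print(f"{tx.protocol:5} -> {tx.recipient:24} {action}")
```

The Luhn check is what keeps the inspector from blocking every sixteen-digit ticket or order number; the context rule is what lets the same card number reach an internal payments mailbox while being stopped at the perimeter. The fourth sample is the case a gateway alone cannot handle: without terminating the TLS session there is no payload to inspect.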
Host-based DLP systems usually run on end-user workstations or servers in an organization. Like network DLP systems, host-based DLP systems can address internal and external communications and can be used to control information flow between groups or types of users (e.g., through the implementation of Chinese walls, also called ethical walls). Host-based DLP systems can also control email and IM communications, such that blocked communications that are not subject to retention rules are not stored in a corporate archive. Advantageously, host-based DLP systems can monitor and control access to physical devices (such as mobile devices with data storage capabilities) and in some cases can access information before the information is encrypted, which lets them inspect content that an encrypted channel would hide from a network gateway. Some host-based DLP systems can also provide application controls to block attempted transmissions of confidential information and provide immediate feedback to the user. In general, host-based DLP systems must be installed on each computer system in a network and cannot usually be used on mobile devices (e.g., cell phones and personal digital assistants (PDAs)). Moreover, host-based DLP systems cannot practically be installed in some settings (e.g., on computer systems in an Internet cafe).